Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Saturday 8.3.2025 / 20:10
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > pc infected with many worms, trojans, spyware, etc.
Show topics
 
Forums
Forums
PC infected with many worms, trojans, spyware, etc.
  Jump to:
 
Posted Message
Page:< Previous12
Tigrita
Junior Member
_ 		22. March 2008 @ 09:53 _ Link to this message    Send private message to this user   
Dear Ltangel,
First good news, The IE is performing much faster than before :)))

Since I couldn't find the "xing shared" file, I tried to perform a search and got a message "Can not perform search, a file that is required to run search companion cannot be found"

Here is my log:

ComboFix 08-03-20.5 - Betty 2008-03-22 14:40:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1688 [GMT 1:00]
Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\wdkcepyq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
C:\!KillBox\jncixdct.dll ( 1)
C:\!KillBox\Logs\kb.log
C:\!KillBox\mloiotut.dll
C:\!KillBox\qomlmjg.dll ( 2)
C:\!KillBox\qomlmjg.dll
C:\!KillBox\qomlmjg.dll( 2)
C:\!KillBox\skeysw.exe
C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR\
C:\Documents and Settings\Betty\Application Data\DNA
C:\Documents and Settings\Betty\Application Data\DNA\dht.dat
C:\Documents and Settings\Betty\Application Data\DNA\dht.dat.old
C:\Documents and Settings\Betty\Application Data\DNA\resume.dat
C:\Documents and Settings\Betty\Application Data\DNA\resume.dat.old
C:\Documents and Settings\Betty\Application Data\DNA\settings.dat
C:\Documents and Settings\Betty\Application Data\DNA\settings.dat.old
C:\Documents and Settings\Betty\Application Data\LimeWire
C:\Documents and Settings\Betty\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
C:\Documents and Settings\Betty\Application Data\LimeWire\410splashpro.png
C:\Documents and Settings\Betty\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\filters.props
C:\Documents and Settings\Betty\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Betty\Application Data\LimeWire\installation.props
C:\Documents and Settings\Betty\Application Data\LimeWire\library.dat
C:\Documents and Settings\Betty\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Betty\Application Data\LimeWire\pub1.key
C:\Documents and Settings\Betty\Application Data\LimeWire\public.key
C:\Documents and Settings\Betty\Application Data\LimeWire\questions.props
C:\Documents and Settings\Betty\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Betty\Application Data\LimeWire\tables.props
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\search.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\logo.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\notsearching.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\ttree.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\update.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\version.key
C:\Documents and Settings\Betty\Application Data\LimeWire\version.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\application.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\audio.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\delete_me
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\video.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\application.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\audio.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\document.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\image.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\video.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\application.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\audio.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\document.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\image.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\video.xsd
C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR\
C:\IRCap
C:\IRCap\Crack\779b31484656d7207ff1d8e2c7a5ac1f896.zip
C:\IRCap\Crack\keygen.exe
C:\IRCap\Crack\XBiNX.nfo
C:\IRCap\mirc62.exe
C:\Program Files\Common Files\xing shared
C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll
C:\VundoFix Backups
C:\VundoFix Backups\aacgptld.dll.bad
C:\VundoFix Backups\dltpgcaa.ini.bad
C:\VundoFix Backups\mllml.dll.bad
C:\VundoFix Backups\pmnlj.dll.bad
C:\VundoFix Backups\ssttt.dll.bad
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\wdkcepyq.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-21 15:16 . 2008-03-22 12:36 1,540,055 ---hs---- C:\WINDOWS\system32\oisjtsab.ini
2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 13:12 . 2008-03-21 13:12 1,539,724 ---hs---- C:\WINDOWS\system32\elmnvfub.ini
2008-03-20 23:34 . 2008-03-18 23:48 1,526,077 ---hs---- C:\WINDOWS\system32\pbptwjie.ini
2008-03-20 23:30 . 2008-03-20 23:30 354 ---hs---- C:\WINDOWS\system32\tyslcunr.ini
2008-03-20 22:23 . 2008-03-20 22:23 294 ---hs---- C:\WINDOWS\system32\vtnigbmw.ini
2008-03-20 09:41 . 2008-03-20 17:46 1,540,176 ---hs---- C:\WINDOWS\system32\yyclgtte.ini
2008-03-19 17:12 . 2007-03-19 17:20 1,534,825 ---hs---- C:\WINDOWS\system32\fxwodjpi.ini
2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 15:04 . 2008-03-22 13:44 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-19 11:05 . 2007-03-19 11:30 <DIR> d-------- C:\SDFix
2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-19 09:00 . 2007-03-19 11:10 1,525,531 ---hs---- C:\WINDOWS\system32\tkdulbpy.ini
2008-03-19 08:08 . 2008-03-19 08:57 1,525,099 ---hs---- C:\WINDOWS\system32\uytajghn.ini
2008-03-19 07:27 . 2008-03-19 08:05 1,524,664 ---hs---- C:\WINDOWS\system32\caabjwjs.ini
2008-03-18 23:50 . 2007-03-19 07:14 1,526,197 ---hs---- C:\WINDOWS\system32\ostcxxlp.ini
2008-03-18 16:08 . 2007-03-18 17:59 1,521,492 ---hs---- C:\WINDOWS\system32\xhartsjb.ini
2008-03-18 12:00 . 2008-03-18 12:00 1,390,596 ---hs---- C:\WINDOWS\system32\bijctraq.ini
2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 09:08 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-03-16 13:16 . 2008-03-16 22:12 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 13:44 600,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 13:28 --------- d-----w C:\Program Files\LimeWire
2008-03-18 16:51 --------- d-----w C:\Program Files\Java
2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 10:37 --------- d-----w C:\Program Files\Real
2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
2008-01-16 02:04 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-21_13.03.21.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-21 13:20:17 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-21 13:20:17 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
--a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\WebFerret\\WebFerret.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 14:43:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-03-22 14:45:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 13:45:27
ComboFix2.txt 2008-03-21 12:03:54
.
2008-03-19 08:00:28 --- E O F ---
[ + quote]
Advertisement
_ 		__
Ltangel
Member
_ 		22. March 2008 @ 10:30 _ Link to this message    Send private message to this user   
Hey Tigrita,

That's good to hear. The ComboFix.txt is looking better now, but we still have malicious files in there. Let's run ComboFix again.

Please follow my instructions carefully and try not to miss out any step or logs requested.

Fix with ComboFix

1. Please open Notepad. (Use ONLY Notepad and no other text editor)

[*] Click Start , then Run
[*]Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the quotebox below into the Notepad window:


Quote:
File::
C:\WINDOWS\system32\oisjtsab.ini
C:\WINDOWS\system32\elmnvfub.ini
C:\WINDOWS\system32\pbptwjie.ini
C:\WINDOWS\system32\tyslcunr.ini
C:\WINDOWS\system32\vtnigbmw.ini
C:\WINDOWS\system32\yyclgtte.ini
C:\WINDOWS\system32\fxwodjpi.ini
C:\WINDOWS\system32\tkdulbpy.ini
C:\WINDOWS\system32\uytajghn.ini
C:\WINDOWS\system32\caabjwjs.ini
C:\WINDOWS\system32\ostcxxlp.ini
C:\WINDOWS\system32\xhartsjb.ini
C:\WINDOWS\system32\bijctraq.ini
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

Folder::
C:\SDFix
C:\Documents and Settings\Betty\Application Data\BitTorrent
C:\Program Files\LimeWire
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

Note: The above script is specifically for this user, using it on another computer can may cause permanent damage to your system!

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. Reboot your computer.

---------------------------------------------------------------------

Run an anti-rootkit scan

Download Sophos Anti-Rootkit & save it to your desktop after filling out the questionaire and reading the EULA.

Note: You will need to enter your name, e-mail address and location in order to access the download page.
[*]Double-click sarsfx.exe to extract the files.
[*]Click the Accept button at the EULA, then Install to the default directory
[*]At the next prompt, click Yes to start the program
[*]Make sure the following are checked:[list]
[*]Running processes
[*]Windows Registry
[*]Local Hard Drives

[*]Click the "Start Scan" button.
[*]Allow the program to scan your computer - please be patient as it may take some time
[*]Once the scan has completed a window will pop-up with the results of the scan - click OK to this
[*]In the main window, you will see each of the entries found by the scan (if any)

[*]If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
[*]Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

[*]If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
[*]To clean up these entries click on the Clean up checked items button
[*]If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
[*]Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
[*]When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now and if any rootkits have been found (please take down the file names of the rootkits found).

----------------------------------------------------------------------

Scan with MalwareByte's Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select "Perform Quick Scan", then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

----------------------------------------------------------------------

In your next reply (please include):

* Fresh HijackThis Log (after completing everything)
* ComboFix.txt
* Report on rootkit scan and computer performance(please tell me the names of all the rootkit files found, if any)
* MalwareByte's Anti-Malware log

Go!

~Ltangel~
[ + quote]
Windows and system security is my priority.
Tigrita
Junior Member
_ 		22. March 2008 @ 11:20 _ Link to this message    Send private message to this user   
Hi Ltangel,

1. RUNDLL: Errors loading bastjsio.ddd & bqcxkvkq.dll

2. Appeared after rebooting (after Combofix)
3. After running Sophos-Anti-Roothit, there were ?no hidden files found by scan?

Here is the first Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:39 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\Betty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200211951812
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 6904 bytes



Malwarebytes' Anti-Malware 1.09
Database version: 521

Scan type: Quick Scan
Objects scanned: 29023
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

And the seconf Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:16 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\Betty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200211951812
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 6904 bytes
[ + quote]
Ltangel
Member
_ 		22. March 2008 @ 11:23 _ Link to this message    Send private message to this user   
Hey,

You left out ComboFix.txt. Can I have a look at it please?

Thanks. :)

Edit: Please hurry, I need to go soon. ComboFix.txt is located in C:\.
[ + quote]
Windows and system security is my priority.

This message has been edited since posting. Last time this message was edited on 22. March 2008 @ 11:38
Tigrita
Junior Member
_ 		22. March 2008 @ 11:45 _ Link to this message    Send private message to this user   
ComboFix 08-03-20.5 - Betty 2008-03-22 15:43:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1629 [GMT 1:00]
Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\system32\bijctraq.ini
C:\WINDOWS\system32\caabjwjs.ini
C:\WINDOWS\system32\elmnvfub.ini
C:\WINDOWS\system32\fxwodjpi.ini
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\oisjtsab.ini
C:\WINDOWS\system32\ostcxxlp.ini
C:\WINDOWS\system32\pbptwjie.ini
C:\WINDOWS\system32\tkdulbpy.ini
C:\WINDOWS\system32\tyslcunr.ini
C:\WINDOWS\system32\uytajghn.ini
C:\WINDOWS\system32\vtnigbmw.ini
C:\WINDOWS\system32\xhartsjb.ini
C:\WINDOWS\system32\yyclgtte.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Betty\Application Data\BitTorrent
C:\Documents and Settings\Betty\Application Data\BitTorrent\dht.dat
C:\Documents and Settings\Betty\Application Data\BitTorrent\Plato DVD Creator 3.75 + Key [App][English][www.zonatorrent.com].rar.torrent
C:\Documents and Settings\Betty\Application Data\BitTorrent\resume.dat
C:\Documents and Settings\Betty\Application Data\BitTorrent\resume.dat.old
C:\Documents and Settings\Betty\Application Data\BitTorrent\settings.dat
C:\Documents and Settings\Betty\Application Data\BitTorrent\settings.dat.old
C:\Program Files\LimeWire
C:\Program Files\LimeWire\log.txt
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
C:\WINDOWS\system32\bijctraq.ini
C:\WINDOWS\system32\caabjwjs.ini
C:\WINDOWS\system32\elmnvfub.ini
C:\WINDOWS\system32\fxwodjpi.ini
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\oisjtsab.ini
C:\WINDOWS\system32\ostcxxlp.ini
C:\WINDOWS\system32\pbptwjie.ini
C:\WINDOWS\system32\tkdulbpy.ini
C:\WINDOWS\system32\tyslcunr.ini
C:\WINDOWS\system32\uytajghn.ini
C:\WINDOWS\system32\vtnigbmw.ini
C:\WINDOWS\system32\xhartsjb.ini
C:\WINDOWS\system32\yyclgtte.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 15:04 . 2008-03-22 14:50 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 14:44 634,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-18 16:51 --------- d-----w C:\Program Files\Java
2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-17 13:42 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-06 12:49 8,192 ----a-w C:\WINDOWS\system32\NetFerret.dll
2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
2008-02-04 17:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 10:37 --------- d-----w C:\Program Files\Real
2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
--a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\WebFerret\\WebFerret.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 15:44:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-22 15:44:22
ComboFix-quarantined-files.txt 2008-03-22 14:44:21
ComboFix2.txt 2008-03-22 13:45:31
ComboFix3.txt 2008-03-21 12:03:54
.
2008-03-19 08:00:28 --- E O F ---
[ + quote]
Tigrita
Junior Member
_ 		22. March 2008 @ 14:02 _ Link to this message    Send private message to this user   
Dear Ltangel,

First of all I would like to wish you and your loved ones a very happy Easter.

I am sorry we didn't get to finish fixing my computer. I hope you will be available to help me again when I return on the 6th of April. I am also sorry I made you spend so much of your time with me, you are truly a wonderful person.

All the best and warm regards,

Tigrita
[ + quote]
Ltangel
Member
_ 		22. March 2008 @ 23:48 _ Link to this message    Send private message to this user   
Hey Tigrita,

Thanks for your compliments. I'll bump your topic constantly and think of a fix for you when you return. Happy easter to you too. :)

~Ltangel~
[ + quote]
Windows and system security is my priority.
Ltangel
Member
_ 		29. March 2008 @ 05:11 _ Link to this message    Send private message to this user   
Bumped for original poster.


[ + quote]
Windows and system security is my priority.
Tigrita
Junior Member
_ 		6. April 2008 @ 07:48 _ Link to this message    Send private message to this user   
Dear Ltangel,
I am back and ready to continue, whenever you have time of course :)))
Have a wonderful day!!!
[ + quote]
peterpeck
Newbie
_ 		6. April 2008 @ 08:20 _ Link to this message    Send private message to this user   
so sorry about your problems but i would suggest a complete reinstall of your operating system i only use AVG free version and would you believe i have no problems with any viruses . also i use win xp system restore my operating system is WIN XP PRO.. regards win restore i disable at least twice per week but imediately start it up again then do a clean restore point ; if you are not careful system restore restore will keep re- installing any viruses you may have on youe system peterpeck
[ + quote]
Tigrita
Junior Member
_ 		6. April 2008 @ 18:37 _ Link to this message    Send private message to this user   
Dear Peterpeck,
Thank you for your suggestions, I am sure they are good. However, I have been following Ltangel's instructions from the beginning and all the way he/she has been absolutely wonderful to me. I know I have to follow the instructions to the end; his/her help has been absolutely great!!
[ + quote]
thor999
Member
_ 		8. April 2008 @ 04:25 _ Link to this message    Send private message to this user   
hell yeah they were great wow man, I wished i knew everything you did! are you self-taught? I mean, I know how to do this stuff onsite but, you take it to a whole new level!
[ + quote]
...and the dead shall walk the earth...
Ltangel
Member
_ 		10. April 2008 @ 08:25 _ Link to this message    Send private message to this user   
Hey Tigrita,

Welcome back! :)

Sorry, I've been really busy these days. Could you please post a fresh HijackThis log?

Thanks. :)
[ + quote]
Windows and system security is my priority.
Ltangel
Member
_ 		10. April 2008 @ 08:26 _ Link to this message    Send private message to this user   
Hey thor999,

Originally posted by thor999:
 hell yeah they were great wow man, I wished i knew everything you did! are you self-taught? I mean, I know how to do this stuff onsite but, you take it to a whole new level!
I have gone through proper training from malware removal experts, and have been doing this for quite a while. :) If you want to learn about malware removal, please PM me.
[ + quote]
Windows and system security is my priority.
Tigrita
Junior Member
_ 		12. April 2008 @ 07:07 _ Link to this message    Send private message to this user   
Dear LTangel,

Thank you so much for all your help through my crisis, you were very supportive. I understand you were very busy but I needed my PC and couldn't wait any longer so I took it to a professional who did the fixing for me. (I hope he did!!)
Thanks again for being there for me.
I wish you all the best.
Tigrita
[ + quote]
Advertisement
_ 		__
 
_
Ltangel
Member
_ 		12. April 2008 @ 07:16 _ Link to this message    Send private message to this user   
Hey Tigrita,

I see, no worries. :) However, if you are experiencing problems, feel free to call on me.

Good luck to you.

~Ltangel~
[ + quote]
Windows and system security is my priority.
 
Page:< Previous12
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > pc infected with many worms, trojans, spyware, etc.
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork